On 18-2-2011 1:28, Adam Swift wrote:
> On Thu, 17 Feb 2011, Egbert Jan van den Bussche
> <egbert at vandenbussche dot nl> wrote:
>
>> What does the "@xxx:yyy" field in the lines sent to syslog mean? Can I
>> relate it in some way to the rules in the .xml file? I see xxx: 0, 200
>> and 10100.
>
> After a bit of digging I have your answer.
> m0n0wall uses ipmon ( http://www.freebsd.org/cgi/man.cgi?query=ipmon&sektion=8 )
> for firewall logging. From the man page for ipmon:
> "4. The group and rule number of the rule, e.g., @0:17. These can be
> viewed with ipfstat -n."
>
> Although I believe the command is actually ipfstat -in:
> (run on my m0n0/exec.php)
> $ ipfstat -in
> @1 pass in quick on lo0 all
> @2 block in log quick from any to any with short
> @3 block in log quick from any to any with ipopts
> <snip>
> # Group 100
> @1 pass in quick from 192.168.0.0/24 to 192.168.0.1/32 keep state group 100
> @2 pass in quick from 192.168.0.0/24 to any keep state group 100
> # Group 200
> @1 pass in quick proto tcp/udp from any to 192.168.0.27/32 port 5059 >< 5062 keep state group 200
> @2 pass in quick proto tcp/udp from any to 192.168.0.27/32 port 16383 >< 16483 keep state group 200
> @3 pass in quick proto tcp/udp from any to 192.168.0.33/32 port 2299 >< 2312 keep state group 200
> <snip>
>
> For IPv4, m0n0wall uses the group 100 for the lan interface, 200 for the
> wan interface, 300, 400, 500 etc for optional interfaces. For IPv6, it
> uses the same numbers, but adds 10000, so the lan interface is 10100,
> the wan 10200, etc.
>
> Hope this helps.
> Adam

Many thanks Adam.
This is exactly what I was looking for. I'm familiar with Linux, not with FreeBSD. I should have searched for ipmon myself. How blind one can be...

Egbert Jan
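The mapping described in this thread, as an added example that is not part of the original messages or of m0n0wall: it resolves the @group:rule field of an ipmon syslog line to the interface, the IP version and the matching rule from the `ipfstat -in` listing quoted above. The log lines, NIC names and function names are constructed for illustration, and the IPv6 lookup returns no rule text because only the IPv4 listing appears in the thread.

```python
import re

# Rule listing as quoted in the thread from `ipfstat -in` (wrapped lines joined).
IPFSTAT = """\
@1 pass in quick on lo0 all
@2 block in log quick from any to any with short
@3 block in log quick from any to any with ipopts
# Group 100
@1 pass in quick from 192.168.0.0/24 to 192.168.0.1/32 keep state group 100
@2 pass in quick from 192.168.0.0/24 to any keep state group 100
# Group 200
@1 pass in quick proto tcp/udp from any to 192.168.0.27/32 port 5059 >< 5062 keep state group 200
@2 pass in quick proto tcp/udp from any to 192.168.0.27/32 port 16383 >< 16483 keep state group 200
@3 pass in quick proto tcp/udp from any to 192.168.0.33/32 port 2299 >< 2312 keep state group 200
"""

# Constructed syslog lines in ipmon's field order (time, NIC, @group:rule, action, ...).
SAMPLE_LOG = [
    "Feb 17 22:10:01 m0n0wall ipmon[85]: 22:10:00.512345 fxp1 @200:3 p 203.0.113.9,40112 -> 192.168.0.33,2300 PR tcp len 20 60 -S IN",
    "Feb 17 22:10:05 m0n0wall ipmon[85]: 22:10:04.100200 fxp0 @10100:1 p 2001:db8::10,50000 -> 2001:db8:1::1,53 PR udp len 40 72 IN",
    "Feb 17 22:10:09 m0n0wall ipmon[85]: 22:10:08.000001 fxp1 @0:2 b 198.51.100.7,0 -> 192.168.0.1,0 PR tcp len 20 20 IN",
]

def parse_ipfstat(text):
    """Return {(group, rule): rule_text} from an `ipfstat -in` listing."""
    rules, group = {}, 0  # assumption: rules listed before any "# Group" are group 0
    for line in text.splitlines():
        if m := re.match(r"#\s*Group\s+(\d+)", line):
            group = int(m.group(1))
        elif m := re.match(r"@(\d+)\s+(.*)", line):
            rules[(group, int(m.group(1)))] = m.group(2)
    return rules

def describe_group(group):
    """Numbering from the thread: 100 LAN, 200 WAN, 300+ optional, +10000 for IPv6."""
    family, base = ("IPv6", group - 10000) if group >= 10000 else ("IPv4", group)
    iface = {100: "LAN", 200: "WAN"}.get(base, "optional" if base >= 300 else "ungrouped")
    return family, iface

def resolve(log_line, rules):
    """Explain the @group:rule field of one ipmon log line, or None if absent."""
    m = re.search(r"\s(\S+) @(\d+):(\d+) (\S+) ", log_line)
    if not m:
        return None
    group, rule = int(m.group(2)), int(m.group(3))
    family, iface = describe_group(group)
    return {"nic": m.group(1), "group": group, "rule": rule, "action": m.group(4),
            "family": family, "interface": iface, "rule_text": rules.get((group, rule))}

if __name__ == "__main__":
    rules = parse_ipfstat(IPFSTAT)
    for line in SAMPLE_LOG:
        print(resolve(line, rules))
```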